use hydra userinfo and id_token info
This commit is contained in:
parent
2a349d132a
commit
7a796825d0
@ -16,32 +16,6 @@ from ..auth_providers import LdapAuthProvider
api_views = Blueprint('api', __name__, url_prefix='/api')
api_views = Blueprint('api', __name__, url_prefix='/api')
@api_views.route('/userinfo', methods=['GET', 'POST'])
def userinfo():
if 'authorization' not in request.headers:
return 'not token found', 400
token = request.headers['authorization'].replace('Bearer ', '')
token_info = current_app.hydra_api.introspect_o_auth2_token(token=token)
if not token_info.active:
return 'token not valid', 403
user_db = User.query.get(token_info.sub)
user = User.query_().by_username(user_db.username)
public_url = current_app.config.get('HYDRA_PUBLIC_URL')
r = requests.get(
f"{public_url}/userinfo",
headers={
'authorization': request.headers['authorization']})
userinfo = r.json()
scopes = token_info.scope.split(' ')
if 'email' in scopes:
userinfo['email'] = str(user.email)
if 'profile' in scopes:
userinfo['username'] = str(user.username)
print(userinfo)
return jsonify(userinfo)
@api_views.route('/users', methods=['GET'])
@api_views.route('/users', methods=['GET'])
def user_list():
def user_list():
@ -8,7 +8,7 @@ from flask.templating import render_template
from flask_babel import gettext
from flask_babel import gettext
from flask import request, url_for
from flask import request, url_for
from flask_login import login_required, login_user, logout_user
from flask_login import login_required, login_user, logout_user, current_user
import logging
import logging
from urllib.parse import urlparse
from urllib.parse import urlparse
from base64 import b64decode, b64encode
from base64 import b64decode, b64encode
@ -36,9 +36,16 @@ def consent():
requested_scope = consent_request.requested_scope
requested_scope = consent_request.requested_scope
requested_audiences = consent_request.requested_access_token_audience
requested_audiences = consent_request.requested_access_token_audience
user = User.query.get(consent_request.subject)
if form.validate_on_submit() or consent_request.skip:
if form.validate_on_submit() or consent_request.skip:
token_data = {
'preferred_username': str(current_user.username),
'email': str(current_user.email),
'email_verified': True,
}
id_token_data = {}
if 'openid' in requested_scope:
id_token_data = token_data
resp = current_app.hydra_api.accept_consent_request(
resp = current_app.hydra_api.accept_consent_request(
consent_request.challenge, body={
consent_request.challenge, body={
'grant_scope': requested_scope,
'grant_scope': requested_scope,
@ -46,10 +53,8 @@ def consent():
'remember': form.data['remember'],
'remember': form.data['remember'],
'remember_for': remember_for,
'remember_for': remember_for,
'session': {
'session': {
'access_token': {},
'access_token': token_data,
'id_token': {
'id_token': id_token_data
'preferred_username': user.username
}
}
}
})
})
return redirect(resp.redirect_to)
return redirect(resp.redirect_to)
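Review bot: The claims built at the top of the `if form.validate_on_submit() or consent_request.skip:` branch in the `@ -36,9 +36,16` hunk come from `current_user`, the Flask-Login session user, while the identity Hydra bound at login is `consent_request.subject`; nothing checks that the two agree, so if they diverge the id_token and access_token would carry another account's `preferred_username`/`email` under Hydra's `sub`. The removed `User.query.get(consent_request.subject)` lookup implies the subject is the user's primary key, so comparing it with the session user's id and refusing the consent on mismatch closes that gap; `consent()` begins outside the hunk, so whether the route is `@login_required` and `current_user` can be anonymous here cannot be confirmed from the page. Separately, `email` and `preferred_username` are now released regardless of whether `email`/`profile` are in `requested_scope` (the deleted `/userinfo` handler gated them on exactly those scopes), and `'email_verified': True` is hard-coded with nothing on the page showing that verification is tracked. The `@ -46,10 +53,8` hunk only wires the same dicts into `session`, so the fix belongs in this branch.
```python
    if form.validate_on_submit() or consent_request.skip:
        # Claims must describe the subject Hydra bound at login, not
        # whichever Flask-Login session happens to be active in this browser.
        if str(current_user.get_id()) != str(consent_request.subject):
            return 'consent subject does not match session user', 403
        token_data = {}
        if 'profile' in requested_scope:
            token_data['preferred_username'] = str(current_user.username)
        if 'email' in requested_scope:
            token_data['email'] = str(current_user.email)
            # TODO(review): derive from the user record if verification is tracked
            token_data['email_verified'] = True
        id_token_data = token_data if 'openid' in requested_scope else {}
        # … unchanged: accept_consent_request call and redirect …
```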